{"id":2662,"date":"2020-07-14T06:07:08","date_gmt":"2020-07-13T21:07:08","guid":{"rendered":"https:\/\/hanami-web.tokyo.jp\/blog\/?p=2662"},"modified":"2020-07-14T06:07:13","modified_gmt":"2020-07-13T21:07:13","slug":"xserver-security","status":"publish","type":"post","link":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/website-first\/xserver-security\/","title":{"rendered":"WordPress\/website security measures taken with xserver"},"content":{"rendered":"<p>I use xserver. Did you know that you can easily improve the security of your WordPress and your website from the xserver server administration panel?<\/p>\n\n\n\n<p>If you don&#039;t know, log in to the server panel now!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"wordpress%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e8%a8%ad%e5%ae%9a\"><\/span>WordPress Security Settings<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Many of you may have installed WordPress using the WordPress Easy Install. Have you ever clicked on the [WordPress Security Settings] in the same section?<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"327\" height=\"187\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/78feb7acbf27bca76ebc7811d81a8524.png\" alt=\"xserver wordprrss\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\" class=\"wp-image-2664\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/78feb7acbf27bca76ebc7811d81a8524.png 327w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/78feb7acbf27bca76ebc7811d81a8524-300x172.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/78feb7acbf27bca76ebc7811d81a8524-120x68.png 120w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/78feb7acbf27bca76ebc7811d81a8524-160x90.png 160w\" sizes=\"(max-width: 327px) 100vw, 327px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e5%9b%bd%e5%a4%96ip%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e5%88%b6%e9%99%90\"><\/span>International IP access restrictions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>By default, it blocks access from outside the country.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure 
class=\"aligncenter size-large\"><img decoding=\"async\" width=\"930\" height=\"681\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/22ca5648e58b43407aa0fa17b4fb50ea.png\" alt=\"xserver wordprrss\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u56fd\u5916IP\u5236\u9650\" class=\"wp-image-2665\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/22ca5648e58b43407aa0fa17b4fb50ea.png 930w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/22ca5648e58b43407aa0fa17b4fb50ea-300x220.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/22ca5648e58b43407aa0fa17b4fb50ea-768x562.png 768w\" sizes=\"(max-width: 930px) 100vw, 930px\" \/><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">Dashboard Access Restrictions<\/h4>\n\n\n\n<p>If you turn this on, you can prevent access to the WordPress dashboard from outside your country.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Restricted access areas<br>\u30fb\/wp-admin \u2026 Dashboard folder<br>\u30fb\/wp-login.php \u2026 File accessed when logging in to the dashboard<\/p><cite>xserver<\/cite><\/blockquote>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">XML-RPC API Access Restrictions<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box question-box common-icon-box block-box\">\n<p>What is XML-RPC?<\/p>\n<\/div>\n\n\n\n<p>This is a communication protocol used when posting articles or uploading images from a smartphone app or external system. 
It is used in various places, such as the WordPress Pingback function, and it is enabled by default in WordPress.<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box alert-box common-icon-box block-box\">\n<p>XML-RPC can be abused to launch login attacks using lists of usernames and passwords.<\/p>\n<\/div>\n\n\n\n<p>XML-RPC itself is a required function for WordPress, but there is no need to allow it to be used from overseas, so turn this restriction ON as well.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Restricted access areas<br>\u30fb\/xmlrpc.php ... XML-RPC WordPress API (file)<\/p><cite>xserver<\/cite><\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\">REST API Access Restrictions<\/h4>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box question-box common-icon-box block-box\">\n<p>What is REST API?<\/p>\n<\/div>\n\n\n\n<p>This is also an API for using WordPress from smartphone apps and external systems. The default setting is ON, so leave it as it is.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Restricted access areas<br>\u30fb\/wp-json \u2026 URL included when accessing REST API<\/p><cite>xserver<\/cite><\/blockquote>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box alert-box common-icon-box block-box\">\n<p>If you need to access WordPress from overseas, turn it off.<\/p>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3%e8%a9%a6%e8%a1%8c%e5%9b%9e%e6%95%b0%e5%88%b6%e9%99%90%e8%a8%ad%e5%ae%9a\"><\/span>Login Attempt Limit Settings<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If you log in incorrectly, you will be locked out and will not be able to log in for a certain period of time.<\/p>\n\n\n\n<p>If you forget your login password and try to log in multiple times and end up being locked out, the account will be unlocked after 24 
hours and you will be able to log in again.<\/p>\n\n\n\n<p>Alternatively, you can unlock the login lock by temporarily switching this setting to [OFF].<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"915\" height=\"435\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/568b0bf38d77555cfe310dfa83f23aca.png\" alt=\"xserver wordprrss\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u30ed\u30c3\u30af\" class=\"wp-image-2666\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/568b0bf38d77555cfe310dfa83f23aca.png 915w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/568b0bf38d77555cfe310dfa83f23aca-300x143.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/568b0bf38d77555cfe310dfa83f23aca-768x365.png 768w\" sizes=\"(max-width: 915px) 100vw, 915px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%82%b3%e3%83%a1%e3%83%b3%e3%83%88%e3%83%bb%e3%83%88%e3%83%a9%e3%83%83%e3%82%af%e3%83%90%e3%83%83%e3%82%af%e5%88%b6%e9%99%90%e8%a8%ad%e5%ae%9a\"><\/span>Comment\/Trackback Restriction Settings<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If a large number of comments or trackbacks are made, restrictions will be applied. Restrictions will be lifted in 6 hours.<\/p>\n\n\n\n<p>Restrict comments and trackbacks from overseas IP addresses. 
It is important to note that all the other settings we have introduced so far are recommended settings.<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box alert-box common-icon-box block-box\">\n<p>The only setting that is not recommended is the restriction of comments and trackbacks from overseas IP addresses.<\/p>\n<\/div>\n\n\n\n<p>If you do not want to receive comments or trackbacks from overseas, or if you are having trouble with comments or trackbacks from overseas, change it to the recommended setting, which is ON.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"937\" height=\"507\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/8e83d9be1d7a8b907ae9fe508c274c80.png\" alt=\"xserver wordprrss\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u30b3\u30e1\u30f3\u30c8\u30c8\u30e9\u30c3\u30af\u30d0\u30c3\u30af\u8a2d\u5b9a\" class=\"wp-image-2667\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/8e83d9be1d7a8b907ae9fe508c274c80.png 937w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/8e83d9be1d7a8b907ae9fe508c274c80-300x162.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/8e83d9be1d7a8b907ae9fe508c274c80-768x416.png 768w\" sizes=\"(max-width: 937px) 100vw, 937px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"waf%e8%a8%ad%e5%ae%9a\"><\/span>WAF Settings<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In the security section of the xserver server panel, click [WAF Settings]<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"313\" height=\"242\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/24c125241d8c44a3754eaebaca358751.png\" alt=\"xserver\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56WAF\u8a2d\u5b9a\" class=\"wp-image-2668\" 
srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/24c125241d8c44a3754eaebaca358751.png 313w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/24c125241d8c44a3754eaebaca358751-300x232.png 300w\" sizes=\"(max-width: 313px) 100vw, 313px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"920\" height=\"756\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png\" alt=\"xserver\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56WAF\u8a2d\u5b9a\" class=\"wp-image-2669\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png 920w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88-300x247.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88-768x631.png 768w\" sizes=\"(max-width: 920px) 100vw, 920px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>By default, all settings are OFF.<\/p>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"waf%e3%81%a3%e3%81%a6%ef%bc%9f\"><\/span>What is WAF?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Abbreviation for Web Application Firewall.<br>It is a security measure that protects websites from attacks that exploit vulnerabilities in web applications.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>unauthorized login<\/li><li>hacking<\/li><\/ul>\n\n\n\n<p>It is a security measure that is effective against these and similar attacks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"xss%e5%af%be%e7%ad%96\"><\/span>XSS Countermeasures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>This function is effective against access that has script tags embedded, such as JavaScript.<\/p>\n\n\n\n<div 
class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>This is useful for sites that have a function to display information posted by third parties on WordPress, such as bulletin boards.<\/p>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"sql%e5%af%be%e7%ad%96\"><\/span>SQL Countermeasures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Detects access in which a string corresponding to SQL syntax is inserted.<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>This is effective when you are using plugins that use a database, such as membership sites, email newsletter registrations, etc. I think most plugins use a database, so I recommend turning it ON.<\/p>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e5%af%be%e7%ad%96\"><\/span>File Protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Detects access including server-related configuration files such as .htpasswd, .htaccess, and httpd.conf.<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>This is a useful function if you are using a bulletin board with an image upload function or a plugin that performs some kind of operation on files.<\/p>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%a1%e3%83%bc%e3%83%ab%e5%af%be%e7%ad%96\"><\/span>Email protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Detects access that includes strings related to email headers such as &quot;to&quot;, &quot;cc&quot;, and &quot;bcc&quot;<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>We recommend keeping it turned ON on sites that use email functions, such as contact forms.<\/p>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span 
class=\"ez-toc-section\" id=\"%e3%82%b3%e3%83%9e%e3%83%b3%e3%83%89%e5%af%be%e7%ad%96\"><\/span>Command Measures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Detects access that contains strings related to commands such as kill, ftp, mail, ping, and ls<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>This is effective when using plugins created in PHP, Perl, etc. that use command execution, so we recommend leaving it ON since plugins basically use PHP.<\/p>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"php%e5%af%be%e7%ad%96\"><\/span>PHP Countermeasures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Detects accesses including functions related to session and file operations, as well as functions that are likely to be the source of vulnerabilities<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box information-box common-icon-box block-box\">\n<p>This is effective when you are using a plugin that uses PHP, so we recommend that you keep it ON since plugins basically use PHP.<\/p>\n\n\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"waf%e8%a8%ad%e5%ae%9a%e3%82%92%e3%81%99%e3%82%8b%e3%81%a8\"><\/span>When you set up the WAF<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Please wait for the changes to be reflected. 
They will be reflected in about an hour.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"912\" height=\"612\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/3334b06a565f8d20f14194da63ca4307.png\" alt=\"xserver\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56WAF\u8a2d\u5b9a\" class=\"wp-image-2670\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/3334b06a565f8d20f14194da63ca4307.png 912w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/3334b06a565f8d20f14194da63ca4307-300x201.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/3334b06a565f8d20f14194da63ca4307-768x515.png 768w\" sizes=\"(max-width: 912px) 100vw, 912px\" \/><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"xserver%e3%81%aewordpressweb%e3%82%b5%e3%82%a4%e3%83%88%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%81%ab%e3%81%a4%e3%81%84%e3%81%a6%e3%81%be%e3%81%a8%e3%82%81\"><\/span>Summary of xserver wordpress\/website security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>What do you think? Xserver has security features for WordPress.<\/p>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box question-box common-icon-box block-box\">\n<p>Is WordPress secure? What&#039;s the best security plugin?<\/p>\n<\/div>\n\n\n\n<p>I think this is a question that many of you may have. The security measures introduced in this article can be achieved by using xserver. 
There is no need to take duplicate security measures, so please think carefully about security plugins before setting them up!<\/p>\n\n\n\n<p>This is an article I wrote previously. I think it will be useful even for those who don&#039;t use xserver!<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-hanami-web-wordpress-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"Q0BOXjBFJJ\"><a href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/seo\/security\/\">I thought about security measures for WordPress<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cI thought about security measures for WordPress\u201d \u2014 How to create a homepage using WordPress\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/seo\/security\/embed\/#?secret=uW6meEY3jf#?secret=Q0BOXjBFJJ\" data-secret=\"Q0BOXjBFJJ\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Once you have taken security measures, you should also take SEO measures!<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-hanami-web-wordpress-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"BztIrUpABQ\"><a 
href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/seo\/google-develop-guide\/\">What is SEO? Here are 14 measures from Google Developer Guidelines that even beginners can do!<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cWhat is SEO? 14 SEO tips from Google Developer Guidelines that even beginners can follow!\u201d \u2014 How to create a website using WordPress\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/seo\/google-develop-guide\/embed\/#?secret=pqfFmxQyGZ#?secret=BztIrUpABQ\" data-secret=\"BztIrUpABQ\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>","protected":false},"excerpt":{"rendered":"<p>\u79c1\u306fxserver\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u3002xserver\u306e\u30b5\u30fc\u30d0\u30fc\u7ba1\u7406\u30d1\u30cd\u30eb\u304b\u3089\u7c21\u5358\u306bworpdress\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3068web\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u5f37\u5316\u3067\u304d\u308b\u3063\u3066\u77e5\u3063\u3066\u3044\u307e\u3059\u304b\uff1f \u77e5\u3089\u306a\u3044\u65b9\u306f\u4eca\u3059\u3050\u30b5\u30fc\u30d0\u30fc\u30d1\u30cd\u30eb\u3078\u30ed\u30b0\u30a4 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2669,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_uag_custom_page_level_css":"","footnotes":""},"categories":[12,3],"tags":[190],"class_list":["post-2662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seo","category-website-first","tag-xserver"],"blocksy_meta":[],"aioseo_notices":[],"uagb_featured_image_src":{"full":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png",920,756,false],"thumbnail":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88-150x150.png",150,150,true],"medium":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88-300x247.png",300,247,true],"medium_large":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88-768x631.png",768,631,true],"large":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png",920,756,false],"1536x1536":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png",920,756,false],"2048x2048":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png",920,756,false],"trp-custom-language-flag":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/07\/2f7bb88fd59c0768607ba73b182bdf88.png",15,12,false]},"uagb_author_info":{"display_name":"\u682a\u5f0f\u4f1a\u793eHanamiWEB \u4ee3\u8868\u53d6\u7de0\u5f79 
\u677e\u6d66\u307f\u3055","author_link":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/author\/hanami\/"},"uagb_comment_info":0,"uagb_excerpt":"\u79c1\u306fxserver\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u3002xserver\u306e\u30b5\u30fc\u30d0\u30fc\u7ba1\u7406\u30d1\u30cd\u30eb\u304b\u3089\u7c21\u5358\u306bworpdress\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3&hellip;","brizy_media":[],"_links":{"self":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/posts\/2662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/comments?post=2662"}],"version-history":[{"count":0,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/posts\/2662\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/media\/2669"}],"wp:attachment":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/media?parent=2662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/categories?post=2662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/tags?post=2662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}